9.2.2 vs 9.5.1

Kevin Darcy kcd at chrysler.com
Wed Sep 9 17:25:49 UTC 2009


Riccardo Castellani wrote:
> I'm using 3 dns servers with Bind bind-9.2.2.P3-9
>
> Master A (domain1 + domain2)
> Slave B (domain1)
> Slave C (domain2)
>
>
> Now I'm migrating master A to Bind 9.5.1.dfsg.P3-1 together with the OS (Debian 
> Lenny), so I'm interested to know if there are any incompatible 
> settings from/to the slave servers.
> For example, in slaves B and C there is no "auth-nxdomain" directive 
> set, while in server A I found "auth-nxdomain no" set; 

According to the ARM, no change from 9.2.x to 9.5.x. The default is 
still "no", so "auth-nxdomain no" is technically redundant. Some folks 
like to make everything explicit, while others like to keep their 
configs as minimal as possible and therefore go with default settings 
wherever possible; it's a matter of personal preference.

> Do I have to specify these 2 options in server A to permit zone 
> transfers only to these 2 servers?
>
> allow-transfer { IpServerB }
> allow-transfer { IpServerC }

According to the ARM, no change from 9.2.x to 9.5.x. The default is 
still to allow all zone transfers. Note that if you use TSIG keys for 
authenticating zone transfers, you can re-address your slaves at will 
without having to keep your allow-transfer clauses up to date to match. 
Generally speaking, key-based security is stronger than 
source-address-based security anyway.

- Kevin
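
The two approaches from the reply above (address-based allow-transfer and TSIG keys), sketched as named.conf fragments for the master A / slave B / slave C layout. This is an added example, not part of the original post; all addresses, key names, file names and secrets are constructed placeholders.

```conf
// Added example: constructed named.conf fragments for the layout in the thread.
// Addresses (192.0.2.x), key names, file names and secrets are placeholders.

// --- Master A, address-based: one match list per allow-transfer ---
// zone "domain1" { type master; file "db.domain1";
//                  allow-transfer { 192.0.2.11; }; };   // slave B only
// zone "domain2" { type master; file "db.domain2";
//                  allow-transfer { 192.0.2.12; }; };   // slave C only

// --- Master A, key-based: survives re-addressing of B and C ---
// The algorithm must be one that both the master and slave versions support;
// hmac-sha256 is an assumption here, check the ARM for each version.
key "a-b-xfer" { algorithm hmac-sha256; secret "BASE64-SECRET-FOR-B"; };
key "a-c-xfer" { algorithm hmac-sha256; secret "BASE64-SECRET-FOR-C"; };

options {
    allow-transfer { none; };   // override the allow-all default
};

zone "domain1" {
    type master;
    file "db.domain1";
    allow-transfer { key "a-b-xfer"; };   // only a holder of B's key
};

zone "domain2" {
    type master;
    file "db.domain2";
    allow-transfer { key "a-c-xfer"; };   // only a holder of C's key
};

// --- Slave B (separate named.conf): sign requests sent to master A ---
// key "a-b-xfer" { algorithm hmac-sha256; secret "BASE64-SECRET-FOR-B"; };
// server 192.0.2.1 { keys { "a-b-xfer"; }; };
// zone "domain1" { type slave; masters { 192.0.2.1; }; file "bak.domain1"; };
```

Running named-checkconf against each file before reloading catches syntax errors in the key and zone statements. Because the secrets appear in clear text, the files holding them should be readable only by the account named runs as.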




